HPB Talk won't work for unknown reasons

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • 30.0.5
• Operating system and version (e.g., Ubuntu 24.04):
  • debian 12
• Web server and version (e.g, Apache 2.4.25):
  • Apache2 2.4.62
• Reverse proxy and version _(e.g. nginx 1.27.2)
  • nginx 1.22.1
• PHP version (e.g, 8.3):
  • 8.3
• Is this the first time you’ve seen this error? (Yes / No):
  • Yes because it’s the first time I try to setup a HPB server for my nextcloud instance
• When did this problem seem to first start?
  • during setup
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • bare metal
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • no

Summary of the issue you are facing:

I’m setting up a High Performance Backend server for nextcloud talk.
After all, I setup address and secret key of my HPB in discussion setting of my nextcloud instance and all seem OK (OK: current version : unknow)
But when I send a message in android talk, i can see the message go out and when I go on talk part in web interface of nextcloud, I have this error message :
“failed to establish signaling connection. something might be wrong in te signaling server configuration”
I can find this log too :

[no app in context] Erreur: Client error: `POST HPBServer/standalone-signaling/api/v1/room/xxxxxx` resulted in a `403 Forbidden` response:
Authentication check failed


	POST /ocs/v2.php/apps/spreed/api/v4/room/d5jrd6ji/participants/active
	de 192.168.0.254 par username à 21 janv. 2025, 11:01:08

I verified all setting and I tried lot of things but I can’t find the problem …
Someone can help me to test my HPB server please ?

It still looks like your secret is wrong. Can you change it to something simple and retry ?

I verified over and over but I can change it to try.
Are you agree secret is this section :

[MyNextcloud-backend]
url = url_of_my_nextcloud_instance
secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

?

I assume so, yes. Maybe you can post the complete config to take a look?

Also, it is worth checking the logs of the signaling server

my configuration :

[http]
listen = 127.0.0.1:8080
listen = 192.168.0.51:8080

[https]

[app]
debug = false

[sessions]
hashkey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
blockkey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[clients]

[backend]
backends = nextcloud-backend-0
allowall = false
allowed = Url_of_My_Nextcloud_instance
timeout = 10
connectionsperhost = 8

[nextcloud-backend-0]
url = url_of_my_nextcloud_instance
secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[nats]
url = nats://localhost:4222

[mcu]
type = janus
url = ws://127.0.0.1:8188

[turn]
apikey = xxxxxxxxxxxxxxxxxxxx
secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
servers = turn:URL_of_my_HPB_Server:3478?transport=udp,turn:URL_of_my_HPB_Server:3478?transport=tcp

[geoip]

[geoip-overrides]

[continent-overrides]

[stats]

[etcd]

[grpc]

in log, I’m just finding that problem :
Could not get capabilities for https://Url_Of_My_Nextcloud/ocs/v2.php/apps/spreed/api/v3/signaling/backend: Get “https://Url_Of_My_Nextcloud/ocs/v2.php/cloud/capabilities”: http: server gave HTTP response to HTTPS client

I not really sure but it seems to me this error could be related to the reverse proxy configuration with mixed https and http rewrites or reverse syntax. What tells you the server if you call the https: URL in your browser? Get a deep look for errors ih they appears then in your browser dev console.

After I saw signaling log, I thought about reverse proxy problem too … but I can’t see where is the problem …
First : I have a nginx reverse proxy before I begin to setup a HPB Server.
I had my nextcloud server only … and no error on my nextcloud instance.
But, since I created another conf file on my nginx reverse proxy (for HPB server with another domain name), I have warning on my nextcloud instance which come back and I don’t know why … I have warning about ocm-provider and webfinger …
Second : have I to add something in my HPB conf file on my reverse proxy to have the good communication protocol (http or https) ?

Big thank you to try to help me !

My first problem is solved … I don’t have warning anymore …
now, I look for solution about the problem with my HPB configuration…

I think I found a part of my problem.
In my HPB host file, I tried to add an entry about my nextcloud instance with its private IP. At beginning, I thought that was the problem and I added it.
Now, I removed that thing and I don’t have the error “http: server gave HTTP response to HTTPS client” anymore.
But I have the error “failed to establish signaling connection. something might be wrong in te signaling server configuration” again in my talk web interface …
In android talk apps, messages seem to work fine, not the calls.
The only error I found in signaling log is :

Error reading from websocket close 1006 abnormal closure unexpected EOF high performance backend

I didn’t find error in janus, reverse proxy or nextcloud log …

Finally, I have this problem in my Nginx reverse proxy log.
“GET /standalone-signaling/spreed HTTP/1.1” 101 400
but I don’t know why …

Is it normal https://HPB_URL/standalone-signaling/spreed impossible to join ? :

curl -i https://HPB_URL/standalone-signaling/api/v1/welcome
HTTP/2 200
server: nginx/1.22.1
date: Sat, 25 Jan 2025 17:52:31 GMT
content-type: application/json; charset=utf-8
content-length: 61
x-spreed-signaling-features: audio-video-permissions, dialout, federation, hello-v2, incall-all, join-features, mcu, offer-codecs, recipient-call, simulcast, switchto, transient-data, update-sdp, welcome
strict-transport-security: max-age=63072000; includeSubdomains; preload;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN

{“nextcloud-spreed-signaling”:“Welcome”,“version”:“unknown”}

curl -i https://HPB_URL/standalone-signaling/spreed
HTTP/2 400
server: nginx/1.22.1
date: Sat, 25 Jan 2025 17:52:41 GMT
content-type: text/plain; charset=utf-8
content-length: 12
sec-websocket-version: 13
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN

Bad Request

I tried this test on my HPB server :

curl -i http://127.0.0.1:8080/spreed
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Sec-Websocket-Version: 13
X-Content-Type-Options: nosniff
Date: Sat, 25 Jan 2025 22:14:13 GMT
Content-Length: 12

Bad Request

So, my problem is on my HPB server … not on my reverse proxy server … (reverse proxy is on another vm)

That’s expected if you test a websocket endpoint with curl.

Please, if you see an error, post the full error or screenshot. It’s really hard to help otherwise.

You still see “Failed to establish signaling connection”? Then check the browsers log for more details and post the error here.

Yes I still have “Failed to establish signaling connection”.
is it OK with this screenshot ? :

I’m looking for if I find a similar problem and I found this :
https://help.nextcloud.com/t/talk-hpb-could-not-connect-to-server-error-invalid-token-message-the-passed-token-is-invalid/156092
It seems to be a domain name problem … When I begin with my nextcloud instance, the address to access is https://Nextcloud_URL/nextcloud
Now my nextcloud instance is accessible with 2 addresses :
https://Nextcloud_URL/nextcloud
https://Nextcloud_URL
is it possible this is the source of my problem ?

Could be, does it work if you use the other one? Also, are both added as a backend?

Please also check the signaling logs and post the part that is logged when you see the signaling error.

If I use https://Nextcloud_URL/nextcloud in serveur.conf and to access to my nextcloud instance, I have the same problem.
If I use 2 backends, one with my nextcloud_URL and the other with nextcloud_URL/nextcloud, same problem too

While I have my previous browser log with “Failed to establish signaling connection” message on nextcloud talk, I have this signaling logs :

janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: mcu_janus.go:366: Created Janus session 6718561802697765
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: mcu_janus.go:373: Created Janus handle 5838941525541126
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: main.go:303: Using janus MCU
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: hub.go:411: Using a timeout of 10s for MCU requests
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: backend_server.go:98: Using configured TURN API key
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: backend_server.go:99: Using configured shared TURN secret
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: backend_server.go:101: Adding "turn:HPB_URL:3478?transport=udp" as TURN server
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: backend_server.go:101: Adding "turn:HPB_URL:3478?transport=tcp" as TURN server
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: backend_server.go:114: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
janv. 26 16:25:13 HPB nextcloud-spreed-signaling-server[3078]: main.go:384: Listening on 192.168.0.51:8080
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 5 ms (5.144505ms)
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: capabilities.go:129: Capabilities expired for https://nextcloud_URL/ocs/v2.php/cloud/capabilities, updating
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: capabilities.go:221: Received capabilities map[config:map[attachments:map[allowed:false] call:map[blur-virtual-background:false breakout-rooms:true can-enable-sip:false can-upload-background:false enabled:true max-duration:0 predefined-backgrounds:[1_office.jpg 2_home.jpg 3_abstract.jpg 4_beach.jpg 5_park.jpg 6_theater.jpg 7_library.jpg 8_space_station.jpg] recording:false recording-consent:0 sip-dialout-enabled:false sip-enabled:false start-without-media:false supported-reactions:[❤️ 🎉 👏 👋 👍 👎 🔥 😂 🤩 🤔 😲 😥]] chat:map[has-translation-providers:false max-length:32000 read-privacy:0 summary-threshold:100 typing-privacy:0] conversations:map[can-create:false] federation:map[enabled:false incoming-enabled:false only-trusted-servers:true outgoing-enabled:false] previews:map[max-gif-size:3.145728e+06] signaling:map[hello-v2-token-key:-----BEGIN PUBLIC KEY-----
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]: -----END PUBLIC KEY-----
janv. 26 16:25:53 HPB nextcloud-spreed-signaling-server[3078]:  session-ping-limit:200]] config-local:map[attachments:[allowed folder] call:[predefined-backgrounds can-upload-background start-without-media blur-virtual-background] chat:[read-privacy has-translation-providers typing-privacy summary-threshold] conversations:[can-create] federation:[enabled incoming-enabled outgoing-enabled only-trusted-servers] previews:[max-gif-size] signaling:[session-ping-limit hello-v2-token-key]] features:[audio video chat-v2 conversation-v4 guest-signaling empty-group-room guest-display-names multi-room-users favorites last-room-activity no-ping system-messages delete-messages mention-flag in-call-flags conversation-call-flags notification-levels invite-groups-and-mails locked-one-to-one-rooms read-only-rooms listable-rooms chat-read-marker chat-unread webinary-lobby start-call-flag chat-replies circles-support force-mute sip-support sip-support-nopin chat-read-status phonebook-search raise-hand room-description rich-object-sharing temp-user-avatar-api geo-location-sharing voice-message-sharing signaling-v3 publishing-permissions clear-history direct-mention-flag notification-calls conversation-permissions rich-object-list-media rich-object-delete unified-search chat-permission silent-send silent-call send-call-notification talk-polls breakout-rooms-v1 recording-v1 avatar chat-get-context single-conversation-status chat-keep-notifications typing-privacy remind-me-later bots-v1 markdown-messages media-caption session-state note-to-self recording-consent sip-support-dialout delete-messages-unlimited edit-messages silent-send-state chat-read-last federation-v1 federation-v2 ban-v1 chat-reference-id mention-permissions edit-messages-note-to-self archived-conversations-v2 talk-polls-drafts download-call-participants email-csv-import call-notification-state-api message-expiration reactions] features-local:[favorites chat-read-status listable-rooms phonebook-search temp-user-avatar-api unified-search avatar remind-me-later note-to-self archived-conversations-v2 chat-summary-api call-notification-state-api] version:20.1.3] from https://Nextcloud_URL/ocs/v2.php/cloud/capabilities
janv. 26 16:25:55 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.396544ms)
janv. 26 16:25:55 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.797798ms)
janv. 26 16:25:56 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 2 ms (2.84584ms)
janv. 26 16:25:57 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.285556ms)
janv. 26 16:25:59 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.537995ms)
janv. 26 16:25:59 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.449386ms)
janv. 26 16:26:00 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.544271ms)
janv. 26 16:26:01 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.166495ms)
janv. 26 16:26:02 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.566745ms)
janv. 26 16:26:03 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.442658ms)
janv. 26 16:26:04 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.617295ms)
janv. 26 16:26:05 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.379021ms)
janv. 26 16:26:06 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.523274ms)
janv. 26 16:26:07 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 2 ms (2.784859ms)
janv. 26 16:26:08 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 4 ms (4.183434ms)
janv. 26 16:26:09 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 4 ms (4.116938ms)
janv. 26 16:26:10 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.843765ms)
janv. 26 16:26:11 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 2 ms (2.508305ms)
janv. 26 16:26:12 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 3 ms (3.307174ms)
janv. 26 16:26:13 HPB nextcloud-spreed-signaling-server[3078]: client.go:355: Client from 192.168.0.254 has RTT of 34 ms (34.446061ms)

I have the same issue. Before i use 29 NC, then reinstall it to 30.05 from 0. The HPB, turn and other VMs wasn’t changed.
I got message that my HPB is too old and don’t supported by NC 30.0.5. I rebuild it from source (v2.0.2). The massages like ‘403 Forbidden’ appears in the NC log.
The second issue that when i press check turn server i got ‘red point’ but nothing happens, no log, no traffic.
Manual checks is working.

Hi @tessem
i always have no solution about my problem but maybe that confirms there is a bug with the last version of hpb and the last version of nextcloud ?

Do you have the same error in the browser console when you try to open a talk in talk web interface ?

I have found that new version required key between 24 and 32 bit and recreate key with

openssl rand -hex 32

also try to synchronize time on servers with NTP or with

date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"

this steps solved 403 forbidden for me.